Home: Advertise local v6 subnet.
parent
6ed75a8037
commit
3d09d2883e
|
@ -112,7 +112,7 @@ in {
|
||||||
in {
|
in {
|
||||||
# All subdomains to current host.
|
# All subdomains to current host.
|
||||||
# ${config.container.domain} = config.container.host;
|
# ${config.container.domain} = config.container.host;
|
||||||
"voronind.com" = "10.0.0.1";
|
"voronind.com" = "10.0.0.1,fd09:8d46:b26::1";
|
||||||
}
|
}
|
||||||
// block "gosuslugi.ru"
|
// block "gosuslugi.ru"
|
||||||
// block "rutube.ru"
|
// block "rutube.ru"
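Review bot: The new value `"10.0.0.1,fd09:8d46:b26::1"` repeats both LAN addresses as literals packed into one comma-separated string, and nothing in this hunk shows what format the consumer of this attribute set accepts. A comment above the entry, such as `# "IPv4,IPv6" of the lan host; keep in sync with internal/internal6 in the network config.`, would document the format and the coupling, since the same ULA is introduced as `internal6` elsewhere in this commit. The attribute set begins and ends outside the hunk, so whether those bindings could be referenced here instead of literals is not visible.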
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
{ ... }: {
|
|
||||||
services.cloudflare-dyndns = {
|
|
||||||
enable = true;
|
|
||||||
apiTokenFile = "/storage/hot/container/ddns/data/token";
|
|
||||||
deleteMissing = false;
|
|
||||||
ipv4 = true;
|
|
||||||
ipv6 = true;
|
|
||||||
proxied = false;
|
|
||||||
domains = let
|
|
||||||
domain = "voronind.com";
|
|
||||||
in [
|
|
||||||
domain
|
|
||||||
] ++ map (sub: "${sub}.${domain}") [
|
|
||||||
"cloud"
|
|
||||||
"git"
|
|
||||||
"mail"
|
|
||||||
"office"
|
|
||||||
"paste"
|
|
||||||
"vpn"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,5 +1,5 @@
|
||||||
# 10.0.0.0/24 - phys clients (lan).
|
# 10.0.0.0/24 & fd09:8d46:0b26::/48 - phys clients (lan).
|
||||||
# 10.1.0.0/24 - containers.
|
# 10.1.0.0/24 & fd76:c80a:8e86::/48 - containers.
|
||||||
# 10.1.1.0/24 - vpn clients.
|
# 10.1.1.0/24 - vpn clients.
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
|
@ -8,9 +8,10 @@
|
||||||
util,
|
util,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
external = "188.242.247.132"; # Wan host IP address.
|
external = "188.242.247.132"; # Wan host IP address.
|
||||||
internal = "10.0.0.1"; # Lan host IP address.
|
internal = "10.0.0.1"; # Lan host IP address.
|
||||||
wifi = "10.0.0.2"; # Wifi router IP address.
|
external6 = "2a05:3580:f42c:c800:aaa1:59ff:fe47:fda2"; # Wan host IP6 address.
|
||||||
|
internal6 = "fd09:8d46:b26::1"; # Lan host IP6 address.
|
||||||
|
|
||||||
lan = "br0"; # Lan interface.
|
lan = "br0"; # Lan interface.
|
||||||
wan = "enp8s0"; # Wan interface.
|
wan = "enp8s0"; # Wan interface.
|
||||||
|
@ -78,10 +79,10 @@ in {
|
||||||
};
|
};
|
||||||
"30-${lan}" = {
|
"30-${lan}" = {
|
||||||
matchConfig.Name = lan;
|
matchConfig.Name = lan;
|
||||||
bridgeConfig = {};
|
|
||||||
linkConfig.RequiredForOnline = "carrier";
|
linkConfig.RequiredForOnline = "carrier";
|
||||||
address = [
|
address = [
|
||||||
"10.0.0.1/24"
|
"${internal}/24"
|
||||||
|
"${internal6}/48"
|
||||||
];
|
];
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
DHCPPrefixDelegation = true;
|
DHCPPrefixDelegation = true;
|
||||||
|
@ -90,16 +91,22 @@ in {
|
||||||
IPv6SendRA = true;
|
IPv6SendRA = true;
|
||||||
};
|
};
|
||||||
ipv6SendRAConfig = {
|
ipv6SendRAConfig = {
|
||||||
# EmitDNS = true;
|
EmitDNS = true;
|
||||||
# DNS = ":self";
|
DNS = internal6;
|
||||||
};
|
};
|
||||||
|
ipv6Prefixes = [
|
||||||
|
{
|
||||||
|
AddressAutoconfiguration = true;
|
||||||
|
Prefix = "${internal6}/64";
|
||||||
|
}
|
||||||
|
];
|
||||||
dhcpPrefixDelegationConfig = {
|
dhcpPrefixDelegationConfig = {
|
||||||
Announce = true;
|
Announce = true;
|
||||||
SubnetId = 1;
|
SubnetId = 1;
|
||||||
UplinkInterface = wan;
|
UplinkInterface = wan;
|
||||||
};
|
};
|
||||||
dhcpServerConfig = {
|
dhcpServerConfig = {
|
||||||
DNS = "10.0.0.1";
|
DNS = internal;
|
||||||
DefaultLeaseTimeSec = "12h";
|
DefaultLeaseTimeSec = "12h";
|
||||||
EmitDNS = true;
|
EmitDNS = true;
|
||||||
EmitNTP = true;
|
EmitNTP = true;
|
||||||
|
@ -108,7 +115,7 @@ in {
|
||||||
MaxLeaseTimeSec = "24h";
|
MaxLeaseTimeSec = "24h";
|
||||||
PoolOffset = 100;
|
PoolOffset = 100;
|
||||||
PoolSize = 150;
|
PoolSize = 150;
|
||||||
ServerAddress = "10.0.0.1/24";
|
ServerAddress = "${internal}/24";
|
||||||
Timezone = const.timeZone;
|
Timezone = const.timeZone;
|
||||||
UplinkInterface = wan;
|
UplinkInterface = wan;
|
||||||
};
|
};
|
||||||
|
@ -176,6 +183,7 @@ in {
|
||||||
|
|
||||||
# Full access from Lan.
|
# Full access from Lan.
|
||||||
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
|
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
|
||||||
|
ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
|
||||||
|
|
||||||
# Allow DHCP.
|
# Allow DHCP.
|
||||||
iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67
|
iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67
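Review bot: The added `ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}` matches only packets addressed to the ULA, but the same section now sends router advertisements with `EmitDNS = true`, and the IPv6 control traffic that goes with them (router and neighbour solicitations, sent to multicast or link-local destinations) never carries that destination. The IPv4 side already needs the separate `--dport 67` rule for the same reason, so if the ip6tables INPUT policy outside these hunks is restrictive, a matching `ip6tables -I INPUT -j ACCEPT -i ${lan} -p ipv6-icmp` under a `# Allow NDP/RA.` comment would make that dependency explicit. The bridge address is also assigned as `"${internal6}/48"` while the advertised prefix is `"${internal6}/64"`, which leaves the router treating a wider range as on-link than clients do and relies on the host bits in `Prefix` being masked. Using `"${internal6}/64"` for the address and a prefix literal without host bits would remove the ambiguity. The firewall script and the `"30-${lan}"` block both continue outside the visible hunks.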
|
||||||
|
|